Plant Protection Systems

SIS Engineering

Reducing systematic failures reduces risk

Our full understanding of the lifecycle prevents rework, saves time, and produces a more effective safety system.  Critical decisions made in the analysis phase reduce the risk of late discoveries on your capital projects.  

A successful Safety Instrumented System (SIS) project is one that meets its intended safety performance requirements while also achieving all other project objectives.  aeSolutions will define, design, and document the safety functions to meet ANSI/ISA-61511 lifecycle requirements of a process safety project with expertise and attention to detail from study through start up. Clients trust aeSolutions to ensure that they get the best return on their capital expenditures.

Safety Lifecycle Services

Allocations of Safety Functions to Protection Layers

Independent Protection Layer (IPL) Validation of Credits

BPCS/SIS Independence Assessment

Safety Requirements Specification (SRS)

Installation, Commissioning, and Validation

Proof Test Philosophy & Design

aeShield Software

Operational / Safety Improvements

Verify Existing

Safety instrumented systems project flow chart (three parallel tracks, each ending in option selection):

     - Assess Intended SIS Design, then Develop Options for Modification to Meet Objectives, then Select Preferred Options
     - Assess Current Operations, then Develop Options for Modification to Meet Objectives, then Select Preferred Options
     - Assess Concept SIS Design, then Develop Options for Modification to Meet Objectives, then Select Preferred Options

Independent Protection Layer (IPL) Validation of Credits

During the hazard and risk analysis phase of the safety lifecycle, Independent Protection Layers (IPLs) are identified.  Claiming credit for one or more IPLs that do not provide the protection claimed results in under-designed SIFs, increasing risk to the facility.  Claiming less credit for IPLs than they actually provide results in over-designed SIFs, increasing capital cost.  aeSolutions has the expertise and experience to help you perform this critical task effectively.

BPCS/SIS Independence Assessment

During hazard reviews, protection layers implemented in both the BPCS (e.g. the DCS) and the SIS are identified.  Determining whether different protection layers are truly independent, so that they are credited properly in the risk analysis, can be complex.  With our experience in process automation and functional safety, we can ensure this analysis is done correctly.

Safety Requirements Specification (SRS)

The SRS (clause 10 of ISA/IEC 61511) takes the results of the hazard and risk assessments and defines the requirements that the individual SIFs must meet.  The SRS is an input to the SIS design process, but not all of the required information is available when design starts.  Our SIS Specialists have configuration, instrumentation, and operations experience, allowing them to specify feasible solutions to complex SIF implementation problems.

The hazard and risk assessments identify the need for Independent Protection Layers (IPLs) to bring the risks associated with the various hazard scenarios in line with corporate risk tolerance guidelines.  Where one or more IPLs are determined to be SIFs, aeSolutions has the experience and expertise to:

  •   Confirm the SIL required for the SIF to avoid overdesign
  •   Create a preliminary design for the SIF that conforms to ISA/IEC 61511
  •   Identify the failure rates and parameters needed to calculate the Probability of Failure on Demand (PFD) of the SIF
  •   Use the most appropriate tool for calculating PFDs (or the tool the client requires); for complex SIFs we can use Fault Tree Analysis for the calculations
  •   Optimize the SIF to meet the desired proof test interval and spurious trip frequency
  •   Recommend specific field devices for the SIF
  •   Document the calculations, including the data and parameters used

Cause and Effect (C&E) Diagrams

C&E diagrams are frequently the input to developing the software to be implemented on a SIS logic solver (sometimes together with a narrative).  As such they are of critical importance to successful implementation of the SIFs in any functional safety project.  Our C&E templates have been developed from many years of experience to optimize ease of use for configuration, testing, operator training and turnover effectiveness.  In cases where the functional complexity exceeds the capacity of C&Es, our staff is capable of selecting the most efficient alternate format.

Quantitative Risk Assessment (QRA)

Quantitative Risk Assessment (QRA) is a risk assessment methodology in which the level of risk associated with an activity or series of activities is estimated numerically and then assessed.  Risk is a function of consequence and likelihood, and aeSolutions has the experience and tools to evaluate both for a QRA.  For example, we can use the PHAST software to model chemical releases when evaluating the consequences of an incident.  QRA can be a valuable decision support tool when evaluating complex hazard scenarios.

Logic Narratives

Logic narratives are sometimes required in addition to cause and effect diagrams to explain the functioning of a SIS, particularly when field devices are shared among SIFs or there are other types of interdependencies.  Sequential Function Charts (SFCs) are an example of logic diagrams that can be used to illustrate the functioning of a SIS.  SFCs are frequently used to document the various operating modes of fired equipment.  The aeSolutions staff is capable of selecting the format, or combination of formats, that best meets the requirements of our clients.

Application Program Requirement Specification (APRS)

The Application Program Requirement Specification (APRS) is an extension of the SRS, and includes requirements for the software applications used in a SIS.  aeSolutions can assist you in developing an APRS so that the resulting application meets the requirements of ISA/IEC 61511 and correctly implements the different SIFs.

Installation, Commissioning, and Validation

The ISA/IEC 61511 standard (Clause 13) requires that the need for a FAT be identified during safety planning for a project, and also provides guidance on how a FAT should be planned and conducted.  Clause 15, SIS Safety Validation (also known as a SAT), provides similar guidance.  aeSolutions' SIS engineers have the experience to develop these plans, oversee their execution as an independent third party, or execute these tests.

Proof Test Philosophy & Design

The goal of a proof test of a SIF is to reveal previously undiagnosed dangerous hardware failures (those failures that would prevent the SIF from reacting to a hazard).  Proof test coverage (the fraction of these failures a given proof test can reveal) and the interval at which proof tests are conducted are important inputs into determining whether a SIF meets its required SIL.  Developing a proof test philosophy provides consistency in proof test procedures and in how they are conducted.  aeSolutions' experts have the field experience to discuss the testing requirements, site practices and available technologies to determine and document a comprehensive testing philosophy.
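As an added illustration of the points above (the PFD calculation and proof test interval optimization listed under the SRS, and the effect of proof test coverage and interval on the achieved SIL), not material from the page or aeSolutions' own tooling: a Python script that computes the simplified PFDavg of a 1oo1 low-demand SIF with imperfect proof test coverage, maps it to a SIL band, and finds the longest candidate proof test interval that still meets a target SIL. The failure rates, the 20-year mission time and the candidate intervals are constructed sample values.

```python
"""Simplified PFDavg of a low-demand SIF with imperfect proof testing (added example)."""
from dataclasses import dataclass

HOURS_PER_YEAR = 8760.0
# Low-demand SIL bands from IEC 61508/61511: (SIL, lower PFDavg bound, upper bound)
SIL_BANDS = ((4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1))

@dataclass(frozen=True)
class Element:
    name: str
    lambda_du: float  # dangerous undetected failure rate, failures per hour

# Constructed sample values for one SIF: sensor, logic solver, final element.
SAMPLE_SIF = (
    Element("pressure transmitter", 4.0e-7),
    Element("safety PLC", 5.0e-9),
    Element("shutdown valve assembly", 8.0e-7),
)

def pfd_avg_1oo1(lambda_du, ti_years, coverage, mission_years):
    """PFDavg of one 1oo1 element when only `coverage` of its dangerous undetected
    failures is revealed per proof test; the rest persist until end of mission."""
    ti_h = ti_years * HOURS_PER_YEAR
    mt_h = mission_years * HOURS_PER_YEAR
    return coverage * lambda_du * ti_h / 2 + (1 - coverage) * lambda_du * mt_h / 2

def sif_pfd_avg(elements, ti_years, coverage, mission_years):
    """Series combination of sensor, logic solver and final element: PFDavg values
    add under the rare-event approximation used in simplified SIL verification."""
    return sum(pfd_avg_1oo1(e.lambda_du, ti_years, coverage, mission_years) for e in elements)

def sil_achieved(pfd):
    """Map a PFDavg to the SIL band it satisfies; 0 means not even SIL 1."""
    for sil, low, high in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return 4 if pfd < 1e-5 else 0

def longest_interval_meeting(elements, target_sil, coverage, mission_years,
                             candidates=(0.5, 1, 2, 3, 5)):
    """Longest candidate proof test interval (years) whose PFDavg still meets target_sil,
    or None if no candidate does (improve coverage, add redundancy or replace earlier)."""
    ok = [ti for ti in candidates
          if sil_achieved(sif_pfd_avg(elements, ti, coverage, mission_years)) >= target_sil]
    return max(ok) if ok else None

if __name__ == "__main__":
    pfd = sif_pfd_avg(SAMPLE_SIF, 1, 0.9, 20)
    print(f"90% coverage, 1-year TI: PFDavg={pfd:.4f} -> SIL {sil_achieved(pfd)}")
```

With these sample rates the SIF reaches SIL 2 at a one-year interval only if proof test coverage is perfect; at 90% coverage the undetected remainder accumulated over the 20-year mission holds it at SIL 1 for every candidate interval.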

We also have a library of proven proof test procedures to choose from when assembling a testing package, and we have the expertise to work with clients to implement effective testing, failure classification, and feedback mechanisms to validate reliability data claimed in Risk Analysis and SIL Verification.

Corporate SIS Project Standards Development

aeSolutions can help create or update the practices and procedures you need for compliance with the ISA/IEC 61511 standard.  For example:

  •   Risk Assessment Standards
  •   SIL Selection Standards
  •   Functional Safety Assessment Templates
  •   SIS Design and Implementation Standards

Functional Safety Management Planning (FSMP)

The ISA/IEC 61511 standard identifies the management activities that are necessary to ensure that functional safety objectives are met:

  + Organization and resources
  + Risk evaluation and risk management
  + Safety Planning
  + Assessment, auditing and revisions
  + SIS configuration management

aeSolutions can assist you in developing a management plan that accomplishes what the standard requires while being tailored to your specific circumstances and resources.


The design and operation of Safety Instrumented Systems (SIS) requires an understanding of instrumentation failure characteristics, the Safety Lifecycle, probability mechanics, and the relevant international standards.

We offer training in the following areas, and we also offer training customized to your specific needs:

     - Safety Requirements Specification (SRS)
     - Calculations of the Probability of Failure on Demand (PFD)
     - Fault Tree Analysis
     - Determination of Architectural Constraints
     - Identifying and Modeling for Common Causes of Failure
     - Degraded Voting
     - Failure Rate Estimation
